social engineering

As long as humans are involved in a company, its security will remain as foolproof as their behaviour. It’s rightly said that there is no patch for human stupidity. All the members of an organisation have some kind of access to information that is valuable enough to facilitate an attack. But simply due to lack of diligence and awareness, people end up doing more harm than good to their companies.
Social engineering is a process, or rather a skill, used by attackers to deceive people into giving away confidential information. If you are part of a company or run one yourself, read on to learn what could put you at risk of a data breach.

 

1. Impersonating: How much should you believe people?

Attackers use this social engineering technique to extract important data by pretending to be someone else. They usually target employees who are unlikely to question authority or who are not careful enough to cross-check people’s identities, especially in an emergency. These could be receptionists, low-level employees, or even general helpers who have keys to important rooms.

Clue: Attackers will create urgency to avoid having to prove their identity.
Example: Someone calling as the manager/IT consultant in urgent need of a password.
Tip for employers: Set an identity-confirming protocol for the entire staff, including top management.
Tip for employees: Ask the person in question to follow the protocol, no matter who they say they are or how urgent the situation is.
Pro tip: When it comes to outsiders, like technicians who need credentials to fix a problem, give them a code beforehand which they can provide when asked for verification.

2. Phishing: How much should you believe the internet?

The trust we place in the internet sometimes puts us at a disadvantage. Through emails, messages or popups, attackers may lead us to fake or malicious webpages where we are prompted to enter critical data. The messages are either excessively tempting or reek of urgency, so that the viewer is tricked into taking quick action without verifying the source. Individuals and organisations can easily fall prey to phishing and give away confidential information such as bank passwords.

Clue: Sense of urgency in the message. Leads you to another web page.
Example: An email stating it’s from the bank and requiring you to click on a link and log in to your bank account.
Tip: If you find it even slightly suspicious, refrain from clicking on the link and cross-check with the actual institution first.
Pro tip: Look out for other kinds of phishing via SMS (Smishing), VoIP (Vishing), or Instant Messenger (Spimming).

3. Fake apps: How much should you trust apps?

Every day we download a number of applications on our devices to make our lives a little bit easier, which is why mobile applications are fertile ground for attacks. Hackers use this social engineering technique to create fake or malicious apps that could compromise your device. They even alter legitimate apps into their own malicious versions and upload them for users to download.

Clue: There is a trigger (in the form of a message or popup) to download the app.
Example: A message asking you to download a specific bank security app.
Pro tip: Cross-check the developer before downloading any app. Go online and read reviews about the app/developer.

4. Other human based ways: How aware are you of your environment?

Other very common techniques attackers use to steal data are:

Eavesdropping

An unauthorized person listening closely to conversations.

Dumpster diving

Searching trash bins for valuable data.

Shoulder surfing

Looking over someone’s shoulder to catch passwords or information.

Tailgating

Entering an area by closely following an authorized person through the door.

Individuals/employees tend to ignore such behaviour easily and end up putting their or their company’s security at stake.

Clue: Someone following or lurking. An unusual device in your surroundings.
Example: An unclaimed mobile phone lying in a meeting with its voice recorder on.
Pro tip: Use a shredder to dispose of work documents. Keep your distance from unknown people while entering a restricted area.

If only everybody was conditioned to be more aware of such behaviours, these data stealing incidents would be substantially reduced. As an employer, educating and training the employees is the best way to mitigate cyber attacks. Do you have any ideas on how to protect your data? Say it in a comment below! And if this helped you, share it with others and spread the awareness!


©2020 Tech Brewery. All Rights Reserved.
